A user came into my computer repair shop with an Acer laptop that happened to be a Google Chromebook. This laptop was dead. It simply didn’t work. The hard drive worked, and under Linux I could mount the filesystems on it, but the rest of the laptop was shot. We wanted to move the user’s drive to an external hard drive enclosure so that he could at least retrieve his family photos and other data stored on the computer. Obviously, the data would need to be copied off the Linux filesystems, the drive reformatted to Windows’ NTFS so that it could be read on a Windows PC, and the data then copied back onto the newly formatted drive. The user gets an external hard drive plus all his data, and everyone is happy.
Except for one tiny little problem.
Google Chromebooks encrypt all of the user’s data.
With a key stored in the computer’s Trusted Platform Module (TPM).
If the computer had been stolen, this would be a good thing, because the thief wouldn’t have access to the user’s private files. That’s what encryption is supposed to be for, after all…but this laptop wasn’t stolen. The owner had it in his possession, knew the login password, and that should mean that the owner can get into the computer and retrieve his data.
Except the key for that data is stored away in a chip that won’t hand it out unless the computer works and Google’s Chrome OS is what asks for it.
Where does that leave my customer? Simple! With absolutely nothing. A failure of the computer in this case has become equivalent to a total hard drive failure. All of his data is lost forever. There is simply no way I can retrieve it for him without the encryption key locked away in a chip I can’t extract it from. Because the encryption key is not available to the user, the user can’t give it to me to decrypt his information.
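A simplified model of why knowing the login password is not enough once the drive leaves its original machine. This is an added example, not Chrome OS code or its actual key scheme: `SimulatedTPM`, `wrap_disk_key` and `unwrap_disk_key` are hypothetical names, and the HMAC/XOR wrapping is a toy stand-in for real TPM sealing.

```python
import hashlib
import hmac
import secrets


class SimulatedTPM:
    """Hypothetical stand-in for a TPM: its secret never leaves this object."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)  # unique to one machine

    def bind(self, material: bytes) -> bytes:
        # Mix the chip's secret into key material supplied by the OS.
        return hmac.new(self._secret, material, hashlib.sha256).digest()


def _kek(password: str, salt: bytes, tpm: SimulatedTPM) -> bytes:
    # Key-encryption key = f(password, chip secret); both are required.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return tpm.bind(stretched)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_disk_key(disk_key: bytes, password: str, tpm: SimulatedTPM) -> dict:
    """Keep the 32-byte disk key on disk only in wrapped form (toy wrapping, not AES)."""
    salt = secrets.token_bytes(16)
    kek = _kek(password, salt, tpm)
    wrapped = _xor(disk_key, hmac.new(kek, b"pad", hashlib.sha256).digest())
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_disk_key(blob: dict, password: str, tpm: SimulatedTPM):
    """Return the disk key, or None if the password or the chip is wrong."""
    kek = _kek(password, blob["salt"], tpm)
    tag = hmac.new(kek, b"tag" + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return _xor(blob["wrapped"], hmac.new(kek, b"pad", hashlib.sha256).digest())


if __name__ == "__main__":
    laptop, repair_bench = SimulatedTPM(), SimulatedTPM()
    key = secrets.token_bytes(32)
    blob = wrap_disk_key(key, "correct horse", laptop)  # constructed password
    print(unwrap_disk_key(blob, "correct horse", laptop) == key)  # working laptop
    print(unwrap_disk_key(blob, "correct horse", repair_bench))   # drive in an enclosure
```

Everything in the wrapped blob sits on the drive, yet with the right password and a different chip the unwrap still fails, which is the situation at the repair bench.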
Thus, you simply don’t own your own data when it’s on a Chromebook. The maker of the computer and the writer of the operating system do. Please don’t waste your money on a Chromebook…but if you do, back up your stuff.
(To a real external hard drive, not “the cloud.”)